version.txt

2025-11-17: November 17, 2025

- Refactor install scripts for clarity.

--------------------------
2025-11-05: November, 2025

Update your runners! We're enabling the ability to create auto-injected credentials from inside the H3 Portal or from the API.
- 'cache-secret' now supports AutoInjectedCredentials secret types

---------------------
2025-09-12: September, 2025

New subcommand `h3 uninstall-ad-agent {ad-agent-uuid}` for uninstalling an AD Agent on your host.

---------------------
2025-08-12: August, 2025

Bug fix: Install script error fix

---------------------
2025-08-05: August, 2025

Bug fix: Upgrading from the UI is failing due to the working directory of runner.

---------------------
2025-08-01: August, 2025

🚀 NEW: MCP Server Integration!

- 🎉 We're now hosting a Model Context Protocol (MCP) server in our Dockerhub registry! This enables seamless AI assistant 
  interactions with H3 APIs for advanced automation. See the README.md in the mcp folder for setup instructions.

2025-07-18: July, 2025

easy_install.sh updates:
- <h3_env> now accepts `https://api.` urls as an input and sets .h3/default.env values for `H3_AUTH_URL` and `H3_GQL_URL`
- add argument <download_url> to easy_install.sh eg. `easy_install.sh <api_key> <runner_name> <h3_env> <download_url>`

h3-cli Commands:
- `h3 upgrade ng`  sets the `downloads.horizon3ai.com` url as the download URL for making upgrades to h3-cli.  This replaces calls to `github.com`
- Added `~/.h3/__global__.env` to hold variables that are set across profiles.  Currently only holds `H3_CLI_DOWNLOAD_URL` to specify where to download CLI from
- `git clone` has been removed as a install option.  `git pull`, `unzip`, and `tar` are still available when updating from Github
- Installing and upgrade from `downloads.horizon3ai.com` only uses unzip to install/upgrade
- NEW commands `cache-secret` and `install-ad-agent`
- Restarts active runners after h3-cli is upgraded

---------------------
2025-06-05: June, 2025

Add additional environments for h3env parameter (us, eu, fed-fh, fed-h3)

---------------------
2025-05-02: May, 2025

UPDATE: POTENTIAL BREAKING CHANGE to action_logs query:

We made significant improvements to the performance of the action logs query (h3 gql action_logs {op-id}). 
However, as a result, the payload returned by the query has changed.  The mitre_mappings field has been 
lifted out of module_meta and added to the ActionLog type directly.  If you are using this query, please 
adjust your query parsers as needed.

The old payload:

  fragment ActionLogFragment on ActionLog {
      start_time
      end_time
      endpoint_ip
      cmd
      module_id
      module_name
      module_description
      module_meta {
          mitre_mappings {
              mitre_tactic_id
              mitre_technique_id
              mitre_subtechnique_id
          }
      }
      target_h3_names
      exit_code
      op_id
  }

The new payload:

  fragment ActionLogFragment on ActionLog {
      start_time
      end_time
      endpoint_ip
      cmd
      module_id
      module_name
      module_description
      mitre_mappings {
          mitre_tactic_id
          mitre_technique_id
          mitre_subtechnique_id
      }
      target_h3_names
      exit_code
      op_id
  }


Other notable updates:

- Added optional h3env parameter to install scripts (easy_install.sh, install.sh), for selecting the H3 regional env 
  to connect to (prod, prod_eu, fh-prod).
- Added new subcommand h3 gql-def, for fetching GraphQL API documentation for a given GraphQL type, field, or enum.


-----------------------
2025-03-26: March, 2025

Notable updates:

- Capture IP Address: NodeZero runners will capture their host IP address to be informative and debugging purposes
- Bug fixes in stop-runner and delete-runner that prevented the systemd service from being stopped and removed


--------------------------
2024-11-21: November, 2024

Notable updates:

- Added azure-mfa as an Auto-Injected Credential type. h3 create-auto-injected-credential '{"key_type":"azure-mfa", "mfa_device_flow_id":"12344321-4321-1234-4321-123443211234"}'
- Create Auto-Injected credentials in Kubernetes: h3 create-auto-injected-credential {json} kubernetes {kubernetes-namespace} {kubernetes-runner-name}
- Bug fixes related to using the system's http_proxy/https_proxy settings


---------------------------
2024-09-06: September, 2024

Bug fixes:

- Fixed a bug affecting the NodeZero Runner install script when Docker is configured to use a proxy.


----------------------
2024-07-20: July, 2024

Notable updates:

- Honor Docker proxy settings: NodeZero Runners configured as a systemd service now recognize and honor Docker proxy settings defined in ${HOME}/.docker/config.json.
- Cleanup systemd service files: h3 delete-runner will now automatically cleanup its systemd service files under /etc/systemd/system/{runner_name}*
- Automatic docker pruning: Define the env var H3_CLI_DOCKER_PRUNE=1 and h3-run-nodezero will automatically prune unused docker containers and images, via sudo docker system prune -a -f, prior to running NodeZero.  This helps avoid running out of disk space due to old NodeZero images.  This is especially useful when running pentests on a regular schedule using a NodeZero Runner.

New subcommands:

- h3 runner-services - Shows all Runner services registered with systemd on the local machine
- h3 weaknesses-stream {op_id} - Streams all weaknesses from the given {op_id}
- h3 gql-stream {graphql-file} {array-field} [{vars}] - Streams the output from the paginated query in {graphql-file}


--------------------------
2023-11-20: November, 2023

Bug fixes:

- Fixed an "API request failed" error that NodeZero Runners in the EU region would hit after initial installation (restarting the Runner resolved the issue).


-------------------------
2023-10-30: October, 2023

New Features:

- Auto-Injected Credentials. You can now use the h3-cli and a NodeZero Runner to auto-inject credentials into a regularly scheduled pentest.

New Subcommands:

- h3 create-auto-injected-credential
- h3 auto-injected-credentials
- h3 delete-auto-injected-credential


---------------------------
2023-09-05: September, 2023

Auto-restart NodeZero Runners: We've added support for registering NodeZero Runners as a system service using systemd on Linux. This enables auto-restart of the NodeZero Runner when the system reboots or the Runner process fails for any reason.

Subcommand: h3 start-runner-service {runner_name}

Visit the NodeZero Runner documentation for more details.


----------------------
2023-06-05: June, 2023

Latest updates:

- added versioning (see h3 version)
- improved/simplified installing and upgrading h3-cli (see README.md and h3 upgrade)
- added self-upgrading capability for NodeZero Runners
- added process pid to NodeZero Runner registration

New subcommands:

- h3 version
- h3 upgrade
- h3 env


----------------------
2023-06-01: June, 2023

New h3 subcommands. Run h3 help for more info.

- h3 runner {name}
- h3 runner-commands {name}
- h3 tail-runner {name}
- h3 delete-runner {name}
- h3 run-nodezero-on-runner {op_id} {runner_name}
- h3 schedule {name}
- h3 delete-profile {name}

Other updates:

- Added support for EU accounts.
- NodeZero Runner command logs are now surfaced under h3 runner-commands.
- Email notifications are now sent for NodeZero Runner command errors.
- Several documentation updates related to API key permissions, NodeZero Runners, and creating pentest schedules.


---------------------
2023-05-01: May, 2023

Added new subcommands:

- h3 archive-pentest
- h3 unarchive-pentest
- h3 delete-pentest
- h3 gql-describe

Changed agent-related subcommand names to new "Runner" terminology (note that the old "agent" subcommands are still supported):

- h3 agents -> h3 runners
- h3 start-agent -> h3 start-runner
- h3 ps-agent -> h3 ps-runner
- h3 stop-agent -> h3 stop-runner
- h3 hello-agent -> h3 hello-runner

Updated documentation related to NodeZero Runners.


-----------------------
2023-04-01: April, 2023

Minor updates:

- Updates to install.sh to use the currently active h3-cli profile, if defined.
- Made {h3-api-key} an optional parameter on install.sh. The user can configure it manually in ~/.h3/default.env.